mozilla
/
kitsune
зеркало из https://github.com/mozilla/kitsune.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Access decorators no longer redirect if Ajaxy. [bug 651254]

This commit is contained in:
James Socol 2011-04-21 19:34:58 -04:00
Родитель e35bd18ea0
Коммит 774d10b10b
2 изменённых файлов: 31 добавлений и 3 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

7
apps/access/decorators.py
Просмотреть файл

@ -27,7 +27,8 @@ def user_access_decorator(redirect_func, redirect_url_func, deny_func=None,
""" """
def decorator(view_fn): def decorator(view_fn):
def _wrapped_view(request, *args, **kwargs): def _wrapped_view(request, *args, **kwargs):
if redirect_func(request.user): redirect = redirect_func(request.user)
if redirect and not request.is_ajax():
# We must call reverse at the view level, else the threadlocal # We must call reverse at the view level, else the threadlocal
# locale prefixing doesn't take effect. # locale prefixing doesn't take effect.
redirect_url = redirect_url_func() or reverse('users.login') redirect_url = redirect_url_func() or reverse('users.login')
@ -39,8 +40,8 @@ def user_access_decorator(redirect_func, redirect_url_func, deny_func=None,
redirect_url, redirect_field, path) redirect_url, redirect_field, path)
return HttpResponseRedirect(redirect_url) return HttpResponseRedirect(redirect_url)
elif ((redirect and request.is_ajax()) or
if deny_func and deny_func(request.user): (deny_func and deny_func(request.user))):
return HttpResponseForbidden() return HttpResponseForbidden()
return view_fn(request, *args, **kwargs) return view_fn(request, *args, **kwargs)

27
apps/access/tests/test_decorators.py
Просмотреть файл

@ -38,6 +38,15 @@ class LogoutRequiredTestCase(TestCase):
eq_(302, response.status_code) eq_(302, response.status_code)
eq_('/bar', response['location']) eq_('/bar', response['location'])
def test_no_redirect_ajax(self):
"""Ajax requests should not redirect."""
request = test_utils.RequestFactory().get('/foo')
request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
request.user = User.objects.get(username='jsocol')
view = logout_required(simple_view)
response = view(request)
eq_(403, response.status_code)
class LoginRequiredTestCase(TestCase): class LoginRequiredTestCase(TestCase):
fixtures = ['users.json'] fixtures = ['users.json']
@ -79,6 +88,15 @@ class LoginRequiredTestCase(TestCase):
response = view(request) response = view(request)
eq_(200, response.status_code) eq_(200, response.status_code)
def test_no_redirect_ajax(self):
"""Ajax requests should not redirect."""
request = test_utils.RequestFactory().get('/foo')
request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
request.user = AnonymousUser()
view = login_required(simple_view)
response = view(request)
eq_(403, response.status_code)
class PermissionRequiredTestCase(TestCase): class PermissionRequiredTestCase(TestCase):
fixtures = ['users.json'] fixtures = ['users.json']
@ -114,3 +132,12 @@ class PermissionRequiredTestCase(TestCase):
view = permission_required('perm')(simple_view) view = permission_required('perm')(simple_view)
response = view(request) response = view(request)
eq_(200, response.status_code) eq_(200, response.status_code)
def test_no_redirect_ajax(self):
"""Ajax requests should not redirect."""
request = test_utils.RequestFactory().get('/foo')
request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
request.user = AnonymousUser()
view = permission_required('perm')(simple_view)
response = view(request)
eq_(403, response.status_code)